CVE-2026-3014
Milestone has released a new version of XProtect® (and several cumulative patch updates) which fix security vulnerability in Management Serv
CVSS
9.1
Critical
EPSS
0.6%
p47
KEV
—
Exploit Today
14
0-100
Published: Jul 14, 2026 · Last modified: Jul 16, 2026 · CWE-78
0.6%EPSS · 30 days0.6%
2026-07-142026-07-17
Milestone has released a new version of XProtect® (and several cumulative patch updates) which fix security vulnerability in Management Server API. The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server Service.
- doc.milestonesys.comhttps://doc.milestonesys.com/en-US/bundle/sec1504_latest/page/milestone_security_advisory_CVE-2026-3014_potential_remote_code_execution_by_admin_user_on_Management_Server.html
- support.milestonesys.comhttps://support.milestonesys.com/article/CVE-2026-3014-potential-remote-code-execution-by-admin-user-on-Management-Server
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-341978.8 HIG99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability3dCVE-2024-121210.0 CRI99.9%
KEV—80Progress Kemp LoadMaster OS Command Injection Vulnerability4dCVE-2026-398089.8 CRI99.7%
KEV—80Fortinet FortiSandbox OS Command Injection Vulnerability19hCVE-2022-262589.8 CRI99.6%
KEV—80D-Link DIR-820L Remote Code Execution Vulnerability8dCVE-2026-422718.8 HIG99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability3dCVE-2021-252988.8 HIG99.5%
KEV—80Nagios XI OS Command Injection8d